GDPR is the Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council), which governs the protection of individuals' personal data within the European Union. The GDPR will replace the EU's 1995 Directive on the protection of individuals with regard to the processing of personal data and on the free movement of such data (95/46/EC). The provisions will apply in all EU Member States from 25.05.2018.
The purpose of GDPR is to strengthen and harmonise the protection of personal data in the European Union. The existing legislation came before the creation of new ways of processing personal data on the internet, among other things, and GDPR aims to legally regulate these issues and set security standards adequate to the challenges of the 21st century.
| |||
This Policy is intended to tell you what personal data we collect, for what purposes, how we use it and who we are. It is intended to indicate the rights you have in relation to our processing of your personal data.
This Privacy Policy does not apply to our processing of personal data of employees and associates.
| |||
ADMINISTRATOR, DATA AND CONTACT | |||
1.
|
The administrator of your personal data is OCHNIK S.A based in Garwolin address: ul. Stacyjna 8B, 08-400 Garwolin, entered in the Register of Entrepreneurs kept by the District Court for the Lublin-Wschód in Lublin with its registered office in Świdnik, 6th Commercial Division of the National Court Register under the KRS number 0000604045, NIP 826-000-07-80, REGON: 005176399 with the share capital of 8,090,500.00 PLN (hereinafter "We").
You can contact us:
| ||
|
-
|
by mail, to the address: OCHNIK S.A., ul. Stacyjna 8B, 08-400 Garwolin;
| |
|
-
|
by email, at: [email protected]
| |
PERSONAL DATA INSPECTOR, DATA AND CONTACT | |||
2.
|
We have established a Data Protection Officer to whom you can address any question or request on all matters concerning your personal data:
| ||
|
-
|
by letter, to the address: OCHNIK S.A. Inspector for Personal Data Protection,
ul. Stacyjna 8B, 08-400 Garwolin; | |
|
-
|
by email, at: [email protected]
| |
|
The Data Protection Officer's role is to ensure and monitor compliance with data protection legislation. He or she is the point of contact for all matters relating to our processing of your personal data and the exercise of your rights in this respect. The Data Protection Officer is independent in the performance of his/her tasks.
| ||
What personal data do we process and where do we get it from? | |||
3.
|
We process your personal data which we receive from you in connection with the transactions concluded with us or during your contacts with us. This is, in particular, data you provide us with in connection with contracts concluded with us or by requesting us to take certain actions before concluding them or by joining the OCHNIK Client Club or by corresponding or contacting us or by requesting a VAT invoice or making a complaint or withdrawing from a contract or subscribing to a newsletter or creating an Internet account.
If you pay us via, for example, a bank or payment institution, we will also come into possession of data on the account number from which this payment was made. We will also process the details of the bank account to which we will make refunds to you.
In addition, we may collect your behavioural data relating to your behaviour. This includes data relating to transactions you make, complaints you make, your correspondence and contact history with us, your activity on our website and online shop, our social media profiles (e.g. Facebook), our accounts on third party websites (e.g. Allegro), such as products viewed, IP addresses or device identifiers, cookie data and locations, correspondence, contacts, as well as feedback about us and our products and services. We may combine this data with other data we hold about you and process it primarily for compilation, analysis and statistics for internal purposes, customer service support and marketing purposes.
For the purpose of pursuing claims, we may also collect your PESEL number or residential address from publicly available sources, including CEiDG, KRS, REGON or other registers and records maintained by public administration bodies.
| ||
Do you need to provide us with your personal information? | |||
4.
|
Please note that your provision of personal information to us is entirely PROFIT You may or may not have to do so.
The provision of data is not a statutory obligation and may only be a contractual requirement.
You must, however, take into account that it may be necessary for you to provide certain personal data in order to:
| ||
|
-
|
entering into or performing a contract with us, e.g. if you make a purchase in our online shop or create an online account;
| |
|
-
|
issue a VAT invoice and make tax settlements;
| |
|
-
|
gain the benefits of being a member of the OCHNIK Client Club;
| |
|
-
|
receive your newsletter;
| |
|
-
|
We handle cases referred to the Customer Service Department or the Complaints Department;
| |
|
-
|
handling your withdrawal and performing our obligations thereunder.
| |
|
In the cases indicated above, your failure to provide personal data may result in:
| ||
|
-
|
you will not be able to make a purchase in our online shop or create an online account;
| |
|
-
|
we will not be able to deliver the newsletter to you;
| |
|
-
|
we will not be able to invoice you and do your tax returns;
| |
|
-
|
we will not be able to process and respond to your complaint or withdrawal or perform our obligations under these titles;
| |
|
-
|
we will not be able to process your case;
| |
|
-
|
you will not be able to become a member of the OCHNIK Client Club or benefit from the benefits resulting from OCHNIK Client Club membership, e.g. discounts.
| |
|
Each time the scope of data required to conclude a contract or carry out other actions with us is contained in the forms used on our website, declaration of joining the OCHNIK Client Club or our other documents or their templates, e.g. complaints, withdrawal from a contract.
We can also ask you for optional data that we need so that we can, for example, call you at the number provided and agree, for example, a specific day and time for the delivery of the ordered goods.
| ||
WHY DO WE NEED YOUR DATA, ON WHAT BASIS DO WE PROCESS IT AND FOR HOW LONG? | |||
5.
|
Your personal data is needed and processed by us in order to:
| ||
|
-
|
take pre-contractual action at your request (e.g. to quote for a service or inform you of product availability) - Article 6(1)(b) GDPR
- for the time necessary to carry out these activities;
| |
|
-
|
conclusion and performance of the contract - Article 6(1)(b) GDPR
- for the time necessary for the performance of the contract and the settlement thereof;
| |
|
-
|
to comply with our legal obligations - legal basis Article 6(1)(c) GDPR covering:
| |
|
|
(i)
|
Liability for non-conformity of goods or warranty for defects
- for the duration of liability under this title;
|
|
|
(ii)
|
obligations for withdrawal or termination
- for the period until the statute of limitations for claims arising therefrom;
|
|
|
(iii)
|
Duties relating to the issuance and retention of invoices and documents required by tax law and accounting Terms & Conditions
- until the invoice or other documents are issued and then for the period of retention specified by tax and accounting Terms & Conditions;
|
|
|
(iv)
|
storage of data to demonstrate compliance with accountability and other obligations imposed by data protection legislation
- for the duration of liability under this title;
|
|
-
|
|
realisation of our so-called legitimate interests - legal basis Article 6(1)(f) GDPR - occurring in the case of:
|
|
|
(i)
|
establishment, defence, redress
-until the statute of limitations for claims under the contract or our pre-contractual activities or demands;
|
|
|
(ii)
|
creation of compilations, analyses and statistics for our internal needs, covering, in particular, reporting, research and planning for the development of our products, including services and enhancement of their quality, development work in our IT systems
- for the duration of the contract or, in the event that the contract is not concluded, until completion of the action taken on the request, and thereafter for the period until the statute of limitations for claims under the contract or our action in relation to the contract or pre-contractual requests;
|
|
|
(iii)
|
ensure network and information security
- for the entire period of data retention, i.e. until the statute of limitations for contractual claims or our pre-contractual actions or demands and the cessation of our liability for accountability and other obligations imposed by data protection legislation;
|
|
|
(iv)
|
customer service support
- for the duration of the contract or until the end of the action on request in the event that the contract is not concluded;
|
|
|
(v)
|
for marketing purposes, including profiling, i.e. to provide information about our promotions, products, events, campaigns, including special offers
-for the duration of the contract;
|
|
|
(vi)
|
protect against fraud attempts
for the duration of the proceedings on this subject;
|
|
|
(vii)
|
ensure the safety of persons (primarily employees and customers) and property
- for the duration of the proceedings on this subject.
|
|
We may also process your data on the basis of: | ||
|
-
|
given to us for the purposes set out therein
-until consent is withdrawn,
after withdrawal of consent
- until the statute of limitations for claims arising from our actions taken on its basis and the cessation of our liability under accountability and other obligations imposed by data protection legislation for the purpose of establishing, defending or pursuing such claims, compiling compilations, analyses and statistics for our internal purposes, ensuring network and information security (i.e. for the pursuit of our so-called legitimate interests - Article 6(1)(f) GDPR) and to demonstrate compliance with accountability and other obligations imposed by data protection legislation (i.e. to comply with legal obligations - Article 6(1)(c) GDPR).
| |
|
In particular, the processing of your personal data may involve operations such as collecting, recording, organising, structuring, storing, modifying, viewing, using, transmitting, disseminating or otherwise making available, matching or linking, limiting, deleting, destroying. These operations may be carried out in an automated manner, e.g. in information systems, or in a non-automated manner, e.g. in files, on paper.
| ||
TO WHOM WE CAN SUBMIT YOUR DATA
| |||
6.
|
Your data can be submitted:
| ||
|
-
|
our employees and associates who need to access the data to perform our obligations or activities for you;
| |
|
-
|
to entities processing your personal data on our behalf and participating in the performance of our activities, i.e.:
| |
|
|
(i)
|
to our subcontractors who support us in the execution of contracts, orders and customer service, e.g. in the handling of correspondence or in the customer service process, or who operate sales shops or other intermediaries in the sale of our products, including services, or to experts acting on our behalf;
|
|
|
(ii)
|
advertising agencies or other entities organising or conducting or cooperating with or intermediating in the organisation or conduct of our marketing campaigns;
|
|
|
(iii)
|
entities operating our ICT systems or providing us with ICT tools, including IT platforms, or space on servers or websites;
|
|
|
(iv)
|
entities providing us with consulting, advisory, auditing services or legal, tax, accounting assistance;
|
|
|
(v)
|
research agencies acting on our behalf;
|
|
|
(vi)
|
to entities providing services to us relating to the security of persons and property;
|
|
-
|
other administrators being:
| |
|
|
(i)
|
advertising agencies, or entities conducting or organizing or cooperating with or intermediating in conducting or organizing our marketing campaigns or cooperating with us in servicing customers or running OCHNIK sales shops or other entities intermediating in the sale of our goods, including services - in order to settle the remuneration due to them;
|
|
|
(ii)
|
postal or courier service providers - to deliver correspondence or parcels;
|
|
|
(iii)
|
entities carrying freight or forwarding services - for the purpose of delivering freight shipments;
|
|
|
(iv)
|
payers (banks, payment institutions) - for the purposes of making refunds or ensuring the operation of the direct debit service;
|
|
|
(v)
|
credit providers (banks) - in order to provide credit for the purchase of our products, including services and to carry out refunds;
|
|
|
(vi)
|
insurance companies - to insure freight shipments;
|
|
|
(vii)
|
purchasers of receivables - in case of non-payment of the price for the purchased goods or the remuneration for the execution of the order on time or other receivables to us.
|
WHAT IS IT AND WHAT IS THE SO-CALLED AUTOMATIC PROCESSING, INCLUDING PROFILING? | |||
7.
|
For the duration of the contract with you until it is performed, and after or prior to the performance of the contract, we will be able to automatically process your personal data on the basis of your consent, including so-called profiling.
Profiling is the automatic processing of personal data, which involves using it to assess your behaviour, including analysis and forecasting of your economic situation, preferences, interests, reliability, behaviour, purchasing decisions, etc. It includes, for example, determining how you use the internet or what products you buy.
We do this based on data we collect from, among others:
| ||
|
-
|
predictive analysis i.e. predicting your behaviour such as reactions to marketing campaigns in the media, purchasing decisions, product abandonment and switching to competitors, and identifying potential threats and opportunities for us;
| |
|
-
|
the web identifiers you use;
| |
|
-
|
Your behavioural data.
| |
|
This allows us to tailor our offers to your needs or interests or give you benefits tailored to them. It allows us to prepare and present you with personalised offers or give you benefits, including discounts tailored to your preferences and needs.
Decisions in this respect are made automatically on the basis of criteria such as your gender, addresses of the stores where you shopped, the number and frequency of purchases made in OCHNIK stores and in the internet shop, and the number and type of goods and services purchased.
When the criteria have been determined to be met, the IT system will automatically send you information about the special offer or benefit granted. You can take advantage of it or decline it, as well as appeal against the decision in question.
| ||
WHAT ARE YOUR RIGHTS? | |||
8.
|
Remember that you have the following rights in relation to our processing of your data:
| ||
|
-
|
right of access to your personal data, under which you can request from us:
| |
|
|
(i)
|
view your data, which may concern all your data or selected data you indicate to us;
|
|
|
(ii)
|
information about your personal data, including information on: whether we process your personal data, what kind of your data we process, for what purpose we process your data, to whom we transfer your personal data (by indicating at least the categories of entities to whom we transfer your data), for how long we will process your data, and if it is not possible to provide this period you can request that we provide you with the criteria for its determination, what rights you have in relation to our processing of your personal data, what rights you have under the right to: rectification, erasure, restriction of the processing of your personal data, to lodge an objection, to lodge a complaint with a data protection authority, from which source we have your data if you have not provided it yourself, whether we make decisions towards you in an automated manner, including the use of so-called "profiling". profiling, on what basis, and what significance and consequences this has for you, whether we transfer your data to a third country or international organisation and, if so, what safeguards are in place for this transfer;
|
|
|
(iii)
|
provide a copy of your personal data in a format of your choice, whereby if you request a copy of your data electronically and do not indicate otherwise, we will provide the information by common electronic means; our making and providing of the first copy of your data is free of charge; for any subsequent copies we may charge a reasonable fee based on administrative costs;
|
|
-
|
the right to rectification of personal data if they are incorrect and the right to completion of incomplete data, under which you can request that we remove errors, faults, misleading information in your data, e.g. wrong name or new address of residence if it changes or name changed due to marriage;
| |
|
-
|
right to erasure of personal data (right to be forgotten), under which you can request:
| |
|
|
(i)
|
deletion of your personal data by us;
|
|
|
(ii)
|
inform other controllers to whom we have made public your data, which we are obliged to delete, of the need to remove links to, copies of or replication of that data;
|
|
|
if any of the following situations occur:
| |
|
|
a)
|
Your data is no longer necessary to us for the purposes for which we obtained it from you;
|
|
|
b)
|
you withdraw your consent for us to process your personal data and at the same time we cannot process it on any other legal basis;
|
|
|
(c)
|
you object on grounds relating to your particular situation to the processing of your personal data in the so-called legitimate interests pursued by us and there are no overriding legitimate grounds for processing;
|
|
|
d)
|
you object to the processing of your personal data in advertising campaigns or other marketing activities;
|
|
|
e)
|
we are found to be processing your data unlawfully, e.g. without your consent when it is necessary;
|
|
|
f)
|
removal of data is necessary to comply with a legal obligation under European Union or Polish law;
|
|
|
g)
|
we collected data from the child in connection with offering information society services;
|
|
-
|
right to restrict the processing of your personal data, which you can request from us in any of the following cases:
| |
|
|
(i)
|
if you dispute the accuracy of your personal data at our disposal - in which case you may request a restriction of processing, e.g. by ceasing processing, for a period of time allowing us to check the accuracy of your data;
|
|
|
(ii)
|
if the processing of your data is unlawful, e.g. we have not obtained your consent, and you object to us deleting your data, requesting instead that we restrict its use;
|
|
|
(iii)
|
if we no longer need your data for the purposes of the processing and you need it to establish, assert or defend a claim;
|
|
|
(iv)
|
if you have lodged an objection on grounds relating to your particular situation to the processing of your data for purposes arising from the so-called legitimate interests pursued by us, in which case you may request that we restrict the processing until we have determined whether our legitimate grounds override the grounds for your objection;
|
|
-
|
right to data portability of personal data processed by us by automated means based on consent or contract, under which you may request from us:
| |
|
|
(i)
|
receive personal data relating to you which you have provided to us on the basis of consent or contract or in connection with a request by you to take pre-contractual action and which we process by automated means;
|
|
|
(ii)
|
transmit the above data to you without hindrance;
|
|
|
(iii)
|
transfer of the aforementioned data by us to another controller, insofar as this is technically possible;
|
|
|
you have the right to receive the above data in a structured, commonly used machine-readable format;
| |
|
-
|
lodge a complaint with the President of the Office for Personal Data Protection in the event of any unlawful processing of your personal data;
| |
|
-
|
the right to withdraw consent at any time without consequence without affecting the lawfulness of the processing of your data that we have carried out prior to withdrawal, whereby once consent is withdrawn, we will no longer be able to process your data further and will have to delete it unless there is another legal basis for us to process your personal data;
| |
|
-
|
right to object to:
| |
|
|
(i)
|
processing of your personal data by us for marketing purposes, i.e. for the purpose of advertising campaigns and other marketing activities, including against so-called profiling (e.g. if you do not wish, for example, offers or advertisements for our products, whereby, upon receipt of the above objection, we should cease processing your data for marketing purposes);
|
|
|
(ii)
|
processing of your personal data by us for purposes arising from the so-called "legitimate interest" pursued by us, other than for marketing purposes, but once you have lodged such an objection we will no longer be able to process your personal data further. legitimate interest pursued by us, other than marketing, for reasons relating to your particular situation, whereby once you have lodged such an objection with us, we will no longer be able to process your personal data, unless we can demonstrate the existence of: compelling legitimate grounds for processing which override your interests, rights and freedoms; or grounds for the establishment, assertion or defence of claims.
|
HOW YOU CAN EXERCISE YOUR RIGHTS | |||
9.
|
You can exercise your rights at any time by making a request to us by submitting a statement:
| ||
|
-
|
OCHNIK Salon employee,
| |
|
-
|
by email, to: [email protected] or [email protected];
| |
|
-
|
by correspondence, to the address: OCHNIK S.A., ul. Stacyjna 8B, 08-400 Garwolin.
| |
10.
|
We are obliged to provide you with information about the action taken in relation to your requests, without undue delay and in any case within one month of receipt of the request. If necessary, we may extend this deadline by a further two months due to the complexity of the request or the number of requests.
Within one month of receipt of your request, however, we must inform you of such an extension, stating the reasons for it.
| ||
11.
|
If we do not act on your request, we shall inform you immediately - at the latest within one month of receipt of the request - of the reasons for not acting and of the possibility for you to lodge a complaint with the President of the Data Protection Authority and to pursue remedies before the Court.
| ||
12.
|
If we have reasonable doubt about your identity in connection with a request, we may ask you to provide additional information necessary to confirm it.
| ||
13.
|
We will provide you with the information referred to in paragraphs 10 to 12 above, in writing, at our option
| ||
|
-
|
by registered mail to the address you have provided or
| |
|
-
|
electronically to the e-mail address you have provided
| |
|
except where:
| ||
|
|
(i)
|
you submit your request to us electronically and do not request the information in any other form, in which case we will forward the information to you at the e-mail address you have provided;
|
|
|
(ii)
|
you request information verbally and by other means your identity is confirmed by us, in which case we will provide you with the information verbally.
|
14.
|
All communication and action taken by us in relation to your requests are free of charge. However, if your requests are manifestly unreasonable or excessive, e.g. due to their continuing nature, we may:
| ||
|
-
|
charge a reasonable fee, taking into account the administrative costs of providing the information, communication or taking the action requested, or,
| |
|
-
|
refuse to act on the request.
| |
15.
|
We will inform any recipient to whom your personal data has been disclosed by us about the rectification or completion or deletion or restriction of the processing of your personal data that we have carried out in fulfilment of your request. We will only not have to provide such information if it proves impossible to do so (e.g. the company has been liquidated) or if it requires disproportionate effort (the data was disclosed very many years ago and it has not been possible to contact the recipient despite attempts).
| ||
16.
|
On your request, we will inform you of the recipients to whom we have provided information about the rectification or erasure or restriction of the processing of your personal data, as well as the recipients we have failed to notify.
| ||
WHAT ARE COOKIES | |||
17.
|
We may use cookies when you use the services available through our www.ochnik.com website and our other sites.
The cookies that may be used on these pages are associated only with your computer's browser - you are therefore anonymous (no mention of your name).
Cookies are small pieces of information in the form of text files sent by a server and stored on your side as a visitor to our website (e.g. on the hard drive of your computer, laptop or on the memory card of your phone or other device you use). This is information that can be read by our system every time your computer or other device you use connects. They provide statistical data about your movements and your use of individual pages of our website.
The information collected through cookies is used to enhance your convenience and improve the overall quality of the services we offer.
We may process your data contained in cookies for the following purposes:
| ||
|
-
|
identifying you as a person logged in to our online shop and showing that you are logged in,
| |
|
-
|
storage of products added to the basket for ordering by you,
| |
|
-
|
storage of data from completed order forms, surveys or login details for our online shop,
| |
|
-
|
supporting your online shop account,
| |
|
-
|
to adapt the content of our websites to your individual preferences and to optimise your use of the online shop,
| |
|
-
|
keep anonymous statistics showing how our online shop is used.
| |
|
By default, most web browsers on the market accept the storage of cookies. Everyone has the possibility to determine the conditions for the use of these files via their own browser.
You can choose how cookies are handled in the web area at any time by replacing the automatic handling of cookies with individual handling (user settings). In this way, you can, for example, partially restrict or completely deactivate the storage of cookies.
For more detailed information in this regard, please consult the providers of your Internet zone software (browsers), usually under "Internet options" or similar.
Disabling your browser's option to accept cookies - blocking them, prompting you to do so - may make it difficult or even impossible to use our online shop and some of our services.
We are not responsible for the use or handling of cookies on other websites that may be linked to our pages.
| ||
other issues | |||
18.
|
We also process anonymised usage data related to the use of our online shop (IP address, domain) to generate statistics to assist in the administration of the shop. This data is aggregated and anonymised.
| ||
HOW CAN YOU GET ADDITIONAL INFORMATION? | |||
19.
|
For further information regarding this Privacy Policy and matters relating to how we process and protect your personal data, you can contact us :
| ||
|
-
|
by mail, to the address: OCHNIK S.A., ul. Stacyjna 8B, 08-400 Garwolin;
| |
|
-
|
by email, to: [email protected];
| |
|
-
|
directing questions to the Personal Data Inspector - this function is performed by Ms. Małgorzata Rzeszotarska:
| |
|
|
(i)
|
by letter, to the address: OCHNIK S.A. Inspector for Personal Data Protection, ul. Stacyjna 8B, 08-400 Garwolin;
|
|
|
(ii)
|
by email, to: [email protected]
|
20.
|
Specific issues related to the processing of personal data:
| ||
|
-
|
customers of the online shop and electronically provided services;
| |
|
-
|
OCHNIK Client Club members;
| |
|
-
|
clients of stationary salons
| |
|
-
|
B2B clients;
| |
|
see the following Data Protection Policies for each entity group.
| ||
| |||
| |||
| |||
| |||
|
Stay up to date with news and promotions!
+48 25 748 43 10
Mon-Fri: 08:00 – 18:00